Privacy Policy

1. Who we are

FileTransferNow (filetransfernow.com) is operated by Shrestha Tripathi, an independent developer based in India. For the purposes of GDPR and similar regulations, Shrestha Tripathi is the data controller. Contact: shrestha.tripathi@gmail.com.

2. Data we do NOT collect

The FileTransferNow architecture is built so that the following are never accessible to us — not even theoretically:

• File contents — files stream peer-to-peer over end-to-end DTLS-encrypted WebRTC channels between the sender's and receiver's browsers. No file byte enters any server we operate.
• Filenames or metadata — never seen, logged, or stored by our infrastructure.
• Chat messages sent in the in-app chat panel — these travel on the same end-to-end encrypted WebRTC channel.
• User accounts — there are none. We don't collect names, emails, phone numbers, or any identifying information from users of the transfer tool.

3. Data we do collect (and why)

3.1 Signaling-server data (ephemeral)

To help two browsers find each other on the public internet, our signaling server (a Cloudflare Worker with a Durable Object) briefly handles WebRTC connection metadata:

• Room IDs — random opaque strings that don't identify users. Held in memory only while at least one peer is in the room, then discarded.
• WebRTC SDP and ICE candidates — technical handshake messages containing network endpoint info (IP addresses, ports). Forwarded between peers and not persisted.

This data is held only as long as the room is active and is never written to disk, never logged, and never shared.

3.2 Web server access logs

Our static-site host (Cloudflare Pages) may briefly log standard HTTP request metadata for security and abuse prevention: IP address, user agent, requested URL, response status, timestamp. These logs are retained per Cloudflare's policy (typically < 30 days) and are not joined with any other data we hold.

3.3 Local browser storage (yours, not ours)

FileTransferNow uses your browser's local storage for legitimate functional reasons. None of this leaves your device:

• localStorage — theme preference, sound toggle, device nickname, paired-device list.
• Origin Private File System (OPFS) — partial file data during in-progress transfers, so transfers can resume if the connection drops. Automatically garbage-collected after 7 days.
• Service Worker cache — offline assets for the Progressive Web App.

4. Lawful basis (GDPR)

For EU/UK users, our lawful basis for processing the ephemeral signaling-server data and standard web-server access logs is legitimate interest (GDPR Article 6(1)(f)) — specifically, providing the requested file transfer service and protecting our infrastructure from abuse. No processing is based on consent because no personal data beyond standard internet protocol metadata is collected.

5. Third-party services

We rely on the following infrastructure providers. Each has its own privacy policy that applies to data they process on our behalf:

• Cloudflare — static-site hosting (Pages), edge compute for the signaling server (Workers + Durable Objects), and STUN/TURN fallback for WebRTC NAT traversal. Cloudflare's privacy policy.
• Google STUN — stun.l.google.com is the default WebRTC STUN server used by most browsers to discover the user's public IP. STUN servers see only the discovery probe, never file content. Google's privacy policy.
• Google AdSense (if shown) — we may display contextual advertising on content pages (never on the transfer interface) to cover infrastructure costs. AdSense uses cookies and may collect data per Google's advertising policy. You can opt out via Google Ad Settings.

We do not currently use any third-party analytics, fingerprinting, A/B-testing, or behavioral-tracking services.

6. Cookies

FileTransferNow sets no first-party cookies for analytics, advertising, or tracking. All site preferences (theme, sound, etc.) are stored in your browser's localStorage and never sent to us.

If we serve AdSense or similar third-party ads on content pages, those services may set their own cookies. You can manage these through your browser settings or by opting out at youronlinechoices.com (EU) or optout.aboutads.info (US).

7. Your rights

Under GDPR (EU/UK), CCPA (California), and similar privacy regulations, you generally have the right to access, rectify, delete, or restrict processing of your personal data, and to data portability and to object to processing.

In practice, the amount of personal data we hold about any individual user is effectively zero — we don't have accounts, we don't store file content, and signaling-server data is ephemeral and not joined to any identifier. There is, therefore, very little for us to act on in response to an individual access or deletion request. If you have a specific concern, please email shrestha.tripathi@gmail.com and we will respond within 30 days.

8. Children's privacy

FileTransferNow is a general-audience tool. We do not knowingly collect personal data from children under 13 (or under 16 in the EU where applicable). If you believe a child has provided personal data to us, please contact shrestha.tripathi@gmail.com and we will delete it.

9. International data transfers

Our infrastructure providers (Cloudflare, Google) operate globally. Standard internet protocol metadata may transit servers in various jurisdictions. We rely on these providers' Standard Contractual Clauses and equivalent safeguards for cross-border transfers.

10. Data retention

• Signaling data — held only while a room is active; discarded as soon as the room is empty (typically seconds to minutes).
• Web-server access logs — retained per Cloudflare's policy (typically < 30 days).
• File content and metadata — never collected, so never retained.
• Local browser storage — stays on your device; auto-cleared OPFS partials after 7 days; you can clear everything via your browser's site settings at any time.

11. Changes to this policy

We may update this policy as the product evolves. When we do, we'll change the "Last updated" date at the top. Material changes will be announced on the homepage for at least 30 days before taking effect. The current version is always at https://filetransfernow.com//privacy-policy.

12. Contact

Questions about this policy, or a privacy request: shrestha.tripathi@gmail.com. See the contact page for all other ways to reach us.